Initialization Phase (one time)

Client                                        Content Provider

(upon client access an applet (containing Kc) is downloaded)

1. [Client] picks random a and sends (11):
       IDu, IDm, g^a

2. [Content Provider] picks random b and Nb, calculates Kab = g'^(a*b) and sends (12):
       PWu(g'^b), Kab(Nb)

3. [Client] calculates Kab, picks random Na and sends (13):
       Kab(Na), MAC(Kab, Na Nb)

4. [Content Provider] verifies MAC, stores Kab, stores IDm and sends:
       MAC(Kab, Nb Na)

5. [Client] verifies MAC and stores PW(Kc(Kab))

Kc is hidden key of Content Provider used by applet on the client machine.
*Note: this does not necessarily have to match PWu.

Fig. 1

Access Phase

Client                                        Content Provider

upon client access an applet (containing Kc) is downloaded

1. [Client] picks random x and sends M1 (21):
       M1 = IDu, IDm(part), g'^x

2. [Content Provider] picks random y, calculates Kxy = g'^(x*y) and sends M2 (22):
       M2 = g'^y

3. [Client] calculates Kxy and sends (23):
       MAC(Kab, M2 M1)
   (Kab produced from Kc(Kab) - see Fig. 1)

4. [Content Provider] verifies MAC and IDm and sends (24):
       MAC(Kab, M1 M2)

5. [Client] verifies MAC

6. Transport of Page (26):
       Kxy (data)

Session key Kxy used to encrypt data by CP and decrypt on client's machine.
Prior to encrypting web page with Kxy, the CP first decrypts the web page from
storage using local encryption.

Fig. 2
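
An added example, not part of the original document: a Python sketch of the Fig. 2 access phase, showing how the two MACs keyed with Kab bind M1 and M2 so that a changed g'^y is rejected before Kxy is used. The toy group, HMAC-SHA256 as the MAC, the field encoding, the 4-character IDm(part), hashing the shared value into Kxy and all sample values are assumptions.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # toy group (assumption): far too small for real use

def enc(*fields):
    return b"|".join(str(f).encode() for f in fields)

def mac(kab, *msgs):
    # Length-prefix each message so the MAC input is unambiguous.
    data = b"".join(len(m).to_bytes(4, "big") + m for m in msgs)
    return hmac.new(kab, data, hashlib.sha256).digest()

def dh_key(secret, peer_msg):
    peer_pub = int(peer_msg.rsplit(b"|", 1)[-1])
    if not 1 < peer_pub < P - 1:          # reject degenerate public values
        raise ValueError("bad public value")
    shared = pow(peer_pub, secret, P)
    return hashlib.sha256(str(shared).encode()).digest()  # Kxy (hashing is an assumption)

def access_phase(client_kab, table, id_u, id_m, alter_m2=False):
    # Step 1 (client): M1 = IDu, IDm(part), g'^x
    x = secrets.randbelow(P - 3) + 2
    m1 = enc(id_u, id_m[:4], pow(G, x, P))
    # Step 2 (provider): M2 = g'^y
    y = secrets.randbelow(P - 3) + 2
    m2_sent = enc(pow(G, y, P))
    # Constructed fault: M2 changed in transit, so the two sides see different values.
    m2_seen = enc(pow(G, y + 1, P)) if alter_m2 else m2_sent
    # Step 3 (client): MAC(Kab, M2 M1)
    tag_c = mac(client_kab, m2_seen, m1)
    # Step 4 (provider): look up the Fig. 3 row, verify IDm and MAC
    stored_id_m, kab = table[id_u]
    if not stored_id_m.startswith(id_m[:4]):
        return None
    if not hmac.compare_digest(tag_c, mac(kab, m2_sent, m1)):
        return None
    tag_p = mac(kab, m1, m2_sent)
    # Step 5 (client): verify MAC(Kab, M1 M2)
    if not hmac.compare_digest(tag_p, mac(client_kab, m1, m2_seen)):
        return None
    return dh_key(x, m2_seen), dh_key(y, m1)   # both sides' Kxy

# Constructed sample data standing in for the result of the initialization phase.
KAB = hashlib.sha256(b"constructed Kab from the initialization phase").digest()
TABLE = {"user1": ("MACHINE-0001", KAB)}
```
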

Table of Information kept by Content Provider

Users    IDm    IDu    PWu    Kab
User1
User2
User3
User4

Fig. 3